[go: up one dir, main page]

US20160368457A1 - Data excluding device - Google Patents

Data excluding device Download PDF

Info

Publication number
US20160368457A1
US20160368457A1 US14/901,874 US201414901874A US2016368457A1 US 20160368457 A1 US20160368457 A1 US 20160368457A1 US 201414901874 A US201414901874 A US 201414901874A US 2016368457 A1 US2016368457 A1 US 2016368457A1
Authority
US
United States
Prior art keywords
data
ecu
bus
dominant
excluding device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US14/901,874
Other versions
US10017158B2 (en
Inventor
Akiyoshi Kanazawa
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yazaki Corp
Original Assignee
Yazaki Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Yazaki Corp filed Critical Yazaki Corp
Assigned to YAZAKI CORPORATION reassignment YAZAKI CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: KANAZAWA, AKIYOSHI
Publication of US20160368457A1 publication Critical patent/US20160368457A1/en
Application granted granted Critical
Publication of US10017158B2 publication Critical patent/US10017158B2/en
Assigned to YAZAKI CORPORATION reassignment YAZAKI CORPORATION CHANGE OF ADDRESS Assignors: YAZAKI CORPORATION
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60RVEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
    • B60R25/00Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
    • B60R25/30Detection related to theft or to other events relevant to anti-theft systems
    • B60R25/307Detection related to theft or to other events relevant to anti-theft systems using data concerning maintenance or configuration
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60RVEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
    • B60R25/00Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
    • B60R25/01Fittings or systems for preventing or indicating unauthorised use or theft of vehicles operating on vehicle systems or fittings, e.g. on doors, seats or windscreens
    • B60R25/04Fittings or systems for preventing or indicating unauthorised use or theft of vehicles operating on vehicle systems or fittings, e.g. on doors, seats or windscreens operating on the propulsion system, e.g. engine or drive motor
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60RVEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
    • B60R25/00Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
    • B60R25/20Means to switch the anti-theft system on or off
    • B60R25/24Means to switch the anti-theft system on or off using electronic identifiers containing a code not memorised by the user
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F13/38Information transfer, e.g. on bus
    • G06F13/42Bus transfer protocol, e.g. handshake; Synchronisation
    • G06F13/4282Bus transfer protocol, e.g. handshake; Synchronisation on a serial bus, e.g. I2C bus, SPI bus
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • H04L12/407Bus networks with decentralised control
    • H04L12/413Bus networks with decentralised control with random access, e.g. carrier-sense multiple-access with collision detection [CSMA-CD]
    • H04L12/4135Bus networks with decentralised control with random access, e.g. carrier-sense multiple-access with collision detection [CSMA-CD] using bit-wise arbitration
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22Parsing or analysis of headers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • H04L2012/40208Bus networks characterized by the use of a particular bus standard
    • H04L2012/40215Controller Area Network CAN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • H04L2012/40267Bus for use in transportation systems
    • H04L2012/40273Bus for use in transportation systems the transportation system being a vehicle

Definitions

  • the present invention relates to a data excluding device, in particular, a data excluding device connected to a bus to which a plurality of nodes is connected.
  • immobilizer function is mounted on a vehicle (For example, patent document 1).
  • Patent Literature 1 JP 2006-21598A
  • Patent Literature 2 JP 2006-212093A
  • the present invention is to provide a data excluding device which can eliminate only communication with a particular node.
  • the present invention provides a data excluding device which connected to a bus connecting between a plurality of nodes having a function for discarding data when receiving continuous dominant equal to or greater than a prescribed bit during data reception.
  • ID of data received via the bus matches a specific ID
  • the data excluding device outputs the continuous dominant equal to or greater than the prescribed bit to the bus. Thereafter, the data excluding device stops outputting of the dominant.
  • the data excluding device transmits RTR for distinguishing whether the data is a data frame or a remote frame for requesting to send the data frame, and subsequently outputs the continuous dominant equal to or greater than the prescribed bit to the bus.
  • the continuous dominant equal to or greater than the prescribed bit to the bus is output to the bus, and then the output of the dominant is stopped. For this reason, it is possible to eliminate only communication with a particular node.
  • data from the particular node can surely be excluded.
  • FIG. 1 is a drawing showing one embodiment of vehicle communication system mounted on a data excluding device of the preset invention.
  • FIG. 2 is time charts showing an output state of ECU A to C and a state of a bus when error is detected at date transmission.
  • FIG. 3A is a drawing showing a frame construction of the head of data (normal frame) transmitted from the ECU.
  • FIG. 3B is a time chart of data transmitted from the ECU.
  • FIG. 3C is a time chart of data on the bus when the data shown in FIG. 3B is data from an illegal ECU.
  • FIG. 3D is a time chart of data on the bus when the data shown in FIG. 3B is data from the illegal ECU.
  • FIG. 4A is a drawing showing a frame construction of the head of data (expansion frame) transmitted from the ECU.
  • FIG. 4B is a time chart of data transmitted from the illegal ECU.
  • FIG. 4C is a time chart of data on the bus when the data from the illegal ECU is transmitted
  • FIG. 1 shows one embodiment of vehicle communication system incorporating the data excluding device of the present invention.
  • an in-vehicle communication system 1 is arranged in each part of a vehicle, and has a ECU 2 as a plurality of nodes for performing control of various electronic devices, a bus 3 communicatively bus-connecting to a plurality of ECUs 2 , a theft sensor 4 for performing detect of illegal ECU illegally exchanged, and a data excluding device 5 which is connected to the bus 3 and eliminating data from the illegal ECU.
  • the above ECU 2 includes an immobilizer ECU for performing authentication of an electronic key, an engine ECU for performing control of engine, and so on, and performs CAN communication with each other. In those ECU 2 , each different ID is assigned.
  • CAN communication adopted with the embodiment of the present invention will be explained before explaining about the theft sensor 4 and the data excluding device 5 of the present invention.
  • the above ECU 2 performs CAN communication each other by transmitting and receiving digital data consisting of H-level signal and L-level signal.
  • H-level signal is “recessive”
  • L-level signal is “dominant”
  • the dominant is the priority
  • an electrical potential of the bus 3 is the dominant
  • the dominant is transmitted.
  • the head of data (standard format) transmitted from each ECU 2 is composed of a SOF, ID, RTR in this order from the head.
  • the SOF is a part first transmitted when the data is transmitted from the ECU 2 , and is the dominant (L).
  • the ECU 2 of the receiving side can perform synchronization by changing from the recessive of bus idle to the dominant.
  • the ID includes ID assigned to each ECU 2 mentioned above.
  • the RTR is to identify whether the data is a data frame or a remote frame for requesting transmission of the data frame.
  • bit stuffing rule In CAN communication, “bit stuffing rule” is adopted.
  • the bit stuffing rule is intended to synchronize, and is a mechanism that one bit of a signal opposite to the transmitted signal is inserted when the same signal is continuous for example 6 bits on the bus 3 .
  • the data excluding device 5 of the present invention eliminates data of illegal ECU using an error processing performed in this CAN communication. First, this error processing will be explained with reference to FIG. 2 .
  • FIGS. 2A to 2D are time charts showing an output state of ECU A to C and a state of the bus when an error is detected at the data transmission.
  • the ECU A transmits data
  • the ECUs B and C receive the data.
  • the ECU A detects a bit error during data transmission
  • the ECU A transmits an error flag (primary) of 7 bits continuous dominant ( FIG. 2A ).
  • the other ECUs B and C When the other ECUs B and C receives the 7 bits (a prescribed bit) continuous dominant, they detects as a bit stuffing rule violation, transmits an error flag (secondary) of 7 bits continuous dominant, and eliminates the data received before now ( FIGS. 2B and 2 C). When the ECU A receives the error flag (secondary), it transmits an error delimiter and retransmits the data after completion of ITM ( FIG. 2A ).
  • the ECU 2 detects an error when receiving data, the error flag (secondary) of 7 bits continuous dominant is output.
  • the ECU 2 of the transmitting side transmits the error flan (secondary) of 7 bits continuous dominant as a form error that the bus is dominant even if data is output, and then retransmits data.
  • ID specific ID
  • detecting an illegal replacement for example, detecting that connection between the ECU 2 and the bus 3 is separated is considered.
  • the data excluding device 5 consists of a non-volatile memory (not shown) in which ID of the illegal ECU is set, and a control circuit (not shown) for performing elimination of the ID of the illegal ECU.
  • a control circuit for performing elimination of the ID of the illegal ECU.
  • ID of the illegal ECU from the theft sensor 4 is stored.
  • the control circuit may be composed of a predetermined logic circuit (hard circuit), microcomputer, or combination of them.
  • the data excluding device 5 monitors data on the bus 3 .
  • the data excluding device 5 receives a SOF of data from the ECU 2 via the bus 3 , it judges whether ID to be next transmitted matches ID of the illegal ECU stored in the memory or not.
  • ID to be next transmitted matches ID of the illegal ECU, the data excluding device 5 outputs 7 bits continuous dominant after RTR is output, and then stops output of dominant.
  • the illegal ECU since the bus 3 is dominant despite transmitting data, the error flag (secondary) of 7 bits continuous dominant is transmitted, and then data is retransmitted. For this reason, since the illegal ECU continues to retransmit data, there is a concern that communication of the other ECU 2 can not be performed. However, the ECU 2 in CAN communication counts the number of transmission of the error flag, is moved to an error-passive state when the number of transmission is equal to or greater than a predetermined number of times, and becomes in a transmission standby state. Thus, the illegal ECU becomes in a transmission standby state at the same time, and data transmission from the other ECU 2 is given priority. As a result, the above concern is resolved.
  • the data excluding device 5 when ID of data matches ID of the illegal ECU, the data excluding device 5 output dominant after RTR is transmitted. Thereby, it is possible to properly eliminate data from the illegal ECU.
  • the data excluding device 5 outputs 7 bits dominant after transmitting RTR, but it is not limited thereto. As shown in FIG. 4 , after transmitting RTR and then transmitting control filed, 7 bits successive dominant may be output. Additionally, after receiving ID, 7 bits successive dominant may be immediately output.
  • the data excluding device 5 outputs 7 bits dominant when matching ID of the illegal ECU, but it is not limited thereto.
  • a bit length of dominant is not limited to 7 bits.
  • a bit length of dominant may be a bit length such as a bit stuffing rule violation is detected.
  • the theft sensor 4 detects the illegal ECU, and only data of the illegal ECU is eliminated, but it is not limited thereto.
  • the specific ECU 2 such as immobilizer ECU, or engine ECU etc.
  • only data of the illegal ECU which is detected by the theft sensor 4 is excluded, but it is not limited thereto.
  • the data excluding device 5 of the present invention it is possible to eliminate only data from a specific ECU 2 . For this reason, for example, it is considered that it is possible to exclude data from the ECU 2 transmitting data which is not to be delivered to the other party.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mechanical Engineering (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Small-Scale Networks (AREA)
  • Computer Security & Cryptography (AREA)

Abstract

ECU 2 has a function for discarding data when continuous dominant equal to or greater than 6 bits is received during data reception. A data excluding device 5 is connected to a bus 3 to which the ECU 2 is connected. When ID of data received through the bus 3 matches ID of an illegal ECU detected by a theft sensor 4, the data excluding device 5 outputs 7 bits continuous dominant to the bus 3, and then stops output of the dominant.

Description

    TECHNICAL FIELD
  • The present invention relates to a data excluding device, in particular, a data excluding device connected to a bus to which a plurality of nodes is connected.
    • BACKGROUND ART
  • Conventionally, as a purpose for preventing theft of a vehicle, for example, immobilizer function is mounted on a vehicle (For example, patent document 1). In the immobilizer function, an immobilizer ECU (=node) performs verification of an electronic key. When the electronic key is not matched with the authorized electronic key, starting of an engine is not performed.
    • CITATION LIST Patent Literature [PTL 1]
  • Patent Literature 1: JP 2006-21598A
    • [PTL 2]
  • Patent Literature 2: JP 2006-212093A
    • SUMMARY OF INVENTION Technical Problem
  • However, recently as a purpose for stealing the vehicle on which the immobilizer function is mounted, act to allow operate the engine by replacing the immobilizer ECU or the engine ECU is rife. In other words, since the ECU itself is changed, engine control is performed as if the authorized ECU is operated. For this reason, it is impossible to prevent theft of the vehicle by the vehicle side, and the vehicle get stolen.
  • When the inside of the vehicle is illegally invaded as theft purpose, and an illegal ECU is mounted on the vehicle, it is impossible to prevent it. Further, it is possible to start the engine, and as a result the vehicle is stolen.
  • For this reason, when it is judged that the situation where the occurrence of the vehicle theft is presumed causes, bus failure is generated on network connecting a plurality of ECUs, and operation as a normal vehicle can not be performed (for example, patent document 2).
  • However, in this case, communication of all ECU is not available, and thereby a function which requires to maintain if security ECU etc. is not illegally exchanged is lost.
    • Solution to Problem
  • The present invention is to provide a data excluding device which can eliminate only communication with a particular node.
  • In one aspect, the present invention provides a data excluding device which connected to a bus connecting between a plurality of nodes having a function for discarding data when receiving continuous dominant equal to or greater than a prescribed bit during data reception. When ID of data received via the bus matches a specific ID, the data excluding device outputs the continuous dominant equal to or greater than the prescribed bit to the bus. Thereafter, the data excluding device stops outputting of the dominant.
  • In above configurations, when the ID of data received via the bus matches the specific ID, the data excluding device transmits RTR for distinguishing whether the data is a data frame or a remote frame for requesting to send the data frame, and subsequently outputs the continuous dominant equal to or greater than the prescribed bit to the bus.
    • Advantageous Effects of Invention
  • As described above, according to the present invention, when the ID of data received via the bus is a particular ID, the continuous dominant equal to or greater than the prescribed bit to the bus is output to the bus, and then the output of the dominant is stopped. For this reason, it is possible to eliminate only communication with a particular node.
  • According to the present invention, data from the particular node can surely be excluded.
    • BRIEF DESCRIPTION OF DRAWINGS
  • FIG. 1 is a drawing showing one embodiment of vehicle communication system mounted on a data excluding device of the preset invention.
  • FIG. 2 is time charts showing an output state of ECU A to C and a state of a bus when error is detected at date transmission.
  • FIG. 3A is a drawing showing a frame construction of the head of data (normal frame) transmitted from the ECU.
  • FIG. 3B is a time chart of data transmitted from the ECU.
  • FIG. 3C is a time chart of data on the bus when the data shown in FIG. 3B is data from an illegal ECU.
  • FIG. 3D is a time chart of data on the bus when the data shown in FIG. 3B is data from the illegal ECU.
  • FIG. 4A is a drawing showing a frame construction of the head of data (expansion frame) transmitted from the ECU.
  • FIG. 4B is a time chart of data transmitted from the illegal ECU.
  • FIG. 4C is a time chart of data on the bus when the data from the illegal ECU is transmitted
    •  DESCRIPTION OF EMBODIMENTS
  • Hereafter, a data excluding device of the present invention will be explained with reference to FIG. 1. FIG. 1 shows one embodiment of vehicle communication system incorporating the data excluding device of the present invention. As shown in FIG. 1, an in-vehicle communication system 1 is arranged in each part of a vehicle, and has a ECU 2 as a plurality of nodes for performing control of various electronic devices, a bus 3 communicatively bus-connecting to a plurality of ECUs 2, a theft sensor 4 for performing detect of illegal ECU illegally exchanged, and a data excluding device 5 which is connected to the bus 3 and eliminating data from the illegal ECU.
  • The above ECU 2 includes an immobilizer ECU for performing authentication of an electronic key, an engine ECU for performing control of engine, and so on, and performs CAN communication with each other. In those ECU 2, each different ID is assigned.
  • Next, CAN communication adopted with the embodiment of the present invention will be explained before explaining about the theft sensor 4 and the data excluding device 5 of the present invention. The above ECU 2 performs CAN communication each other by transmitting and receiving digital data consisting of H-level signal and L-level signal.
  • In the embodiment of the present invention, H-level signal is “recessive”, and L-level signal is “dominant” For example, when the recessive and the dominant are simultaneously output from two ECUs, the dominant is the priority, an electrical potential of the bus 3 is the dominant, and the dominant is transmitted.
  • As shown in FIG. 3A, the head of data (standard format) transmitted from each ECU 2 is composed of a SOF, ID, RTR in this order from the head. The SOF is a part first transmitted when the data is transmitted from the ECU 2, and is the dominant (L). The ECU 2 of the receiving side can perform synchronization by changing from the recessive of bus idle to the dominant.
  • The ID includes ID assigned to each ECU 2 mentioned above. The RTR is to identify whether the data is a data frame or a remote frame for requesting transmission of the data frame.
  • In CAN communication, “bit stuffing rule” is adopted. The bit stuffing rule is intended to synchronize, and is a mechanism that one bit of a signal opposite to the transmitted signal is inserted when the same signal is continuous for example 6 bits on the bus 3.
  • The data excluding device 5 of the present invention eliminates data of illegal ECU using an error processing performed in this CAN communication. First, this error processing will be explained with reference to FIG. 2.
  • The ECU 2 performs operation as shown in FIG. 2 when an error is found during data transmission. FIGS. 2A to 2D are time charts showing an output state of ECU A to C and a state of the bus when an error is detected at the data transmission. In FIGS. 2A to 2D, the ECU A transmits data, and the ECUs B and C receive the data. When the ECU A detects a bit error during data transmission, the ECU A transmits an error flag (primary) of 7 bits continuous dominant (FIG. 2A).
  • When the other ECUs B and C receives the 7 bits (a prescribed bit) continuous dominant, they detects as a bit stuffing rule violation, transmits an error flag (secondary) of 7 bits continuous dominant, and eliminates the data received before now (FIGS. 2B and 2C). When the ECU A receives the error flag (secondary), it transmits an error delimiter and retransmits the data after completion of ITM (FIG. 2A).
  • Furthermore, if the ECU 2 detects an error when receiving data, the error flag (secondary) of 7 bits continuous dominant is output. The ECU 2 of the transmitting side transmits the error flan (secondary) of 7 bits continuous dominant as a form error that the bus is dominant even if data is output, and then retransmits data.
  • The theft sensor 4 is a sensor for detecting that each ECU 2 is illegally replaced, and outputs ID (=specific ID) of illegal ECU illegally replaced to a data excluding device 5. As a method for detecting an illegal replacement, for example, detecting that connection between the ECU 2 and the bus 3 is separated is considered.
  • Next, the data excluding device 5 will be explained. The data excluding device 5 consists of a non-volatile memory (not shown) in which ID of the illegal ECU is set, and a control circuit (not shown) for performing elimination of the ID of the illegal ECU. In the memory, ID of the illegal ECU from the theft sensor 4 is stored. Also, it is possible to set ID of the illegal ECU by using a resistor without using a memory. The control circuit may be composed of a predetermined logic circuit (hard circuit), microcomputer, or combination of them.
  • An operation of the in-vehicle communication system 1 will be explained with reference to FIG. 3. The data excluding device 5 monitors data on the bus 3. When the data excluding device 5 receives a SOF of data from the ECU 2 via the bus 3, it judges whether ID to be next transmitted matches ID of the illegal ECU stored in the memory or not. When ID to be next transmitted matches ID of the illegal ECU, the data excluding device 5 outputs 7 bits continuous dominant after RTR is output, and then stops output of dominant.
  • Thereby, as shown in FIG. 3C, a data frame after the RTR is not transmitted, and the 7 bits continuous dominant is transmitted. For this reason, in the ECU 2 of the receiving side, it is detected as a bit stuffing rule violation, the error flag (secondary) of 7 bits continuous dominant is transmitted as described in FIG. 2, and the data received up to now is discarded. As a result, since data from the illegal ECU is not received in the other ECU, engine does not started such as even if an immobilizer ECU or engine ECU is replaced. Furthermore, the other ECU 2 can be operated normally.
  • In the illegal ECU, since the bus 3 is dominant despite transmitting data, the error flag (secondary) of 7 bits continuous dominant is transmitted, and then data is retransmitted. For this reason, since the illegal ECU continues to retransmit data, there is a concern that communication of the other ECU 2 can not be performed. However, the ECU 2 in CAN communication counts the number of transmission of the error flag, is moved to an error-passive state when the number of transmission is equal to or greater than a predetermined number of times, and becomes in a transmission standby state. Thus, the illegal ECU becomes in a transmission standby state at the same time, and data transmission from the other ECU 2 is given priority. As a result, the above concern is resolved.
  • Further, in the above embodiment, when ID of data matches ID of the illegal ECU, the data excluding device 5 output dominant after RTR is transmitted. Thereby, it is possible to properly eliminate data from the illegal ECU.
  • Also, in the above embodiment, a case that data is normal frame is explained, but it is not limited thereto. As shown in FIG. 4, it can be applied to a case of expansion frame. Furthermore, as shown in FIG. 4, different portions between the normal frame and the expansion frame are parts from ID to RTR. In the expansion frame, 11 bits ID is transmitted after sending SOF in common with the normal frame. Then, SSR, IDE, and 18 bits ID are transmitted in order.
  • Furthermore, in the above embodiment, the data excluding device 5 outputs 7 bits dominant after transmitting RTR, but it is not limited thereto. As shown in FIG. 4, after transmitting RTR and then transmitting control filed, 7 bits successive dominant may be output. Additionally, after receiving ID, 7 bits successive dominant may be immediately output.
  • Further, in the above embodiment, the data excluding device 5 outputs 7 bits dominant when matching ID of the illegal ECU, but it is not limited thereto. A bit length of dominant is not limited to 7 bits. For example, a bit length of dominant may be a bit length such as a bit stuffing rule violation is detected.
  • Furthermore, in the above embodiment, the theft sensor 4 detects the illegal ECU, and only data of the illegal ECU is eliminated, but it is not limited thereto. For example, in a case that it is hardly possible that which ECU is replaced, when situations that it is suspect such as theft, for example, a big impact, entry into the vehicle, opening of the door and so on is detected, it is possible to eliminate only data of a specific ECU 2 such as immobilizer ECU, or engine ECU etc. from a plurality of ECUs.
  • Furthermore, according to the above embodiment, only data of the illegal ECU which is detected by the theft sensor 4 is excluded, but it is not limited thereto. According to the data excluding device 5 of the present invention, it is possible to eliminate only data from a specific ECU 2. For this reason, for example, it is considered that it is possible to exclude data from the ECU 2 transmitting data which is not to be delivered to the other party.
  • The illustrated embodiments of the present invention have been described for illustrative purposes only, and not by way of limiting the invention. Accordingly, the present invention can be implemented with various modifications made thereto within the scope of the present invention.
    • REFERENCE SIGNS LIST
    • 2 ECU (node)
    • 3 bus
    • 5 data excluding device

Claims (2)

1. A data excluding device connected to a bus connecting between a plurality of nodes having a function for discarding data when receiving continuous dominant equal to or greater than a prescribed bit during data reception, the data excluding device comprising:
outputting the continuous dominant equal to or greater than the prescribed bit to the bus when an ID of data received via the bus matches a specific ID; and
subsequently stopping outputting of the dominant.
2. The data excluding device according to claim 1, further comprising transmitting RTR for distinguishing whether the data denotes a data frame or a remote frame requesting to send the data frame when the ID of data received via the bus matches the specific ID, and subsequently outputting the continuous dominant equal to or greater than the prescribed bit to the bus.
US14/901,874 2013-07-19 2014-07-17 Data excluding device Active 2035-02-06 US10017158B2 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
JP2013-150623 2013-07-19
JP2013150623A JP6099269B2 (en) 2013-07-19 2013-07-19 Data exclusion device
PCT/JP2014/069049 WO2015008833A1 (en) 2013-07-19 2014-07-17 Data removal device

Publications (2)

Publication Number Publication Date
US20160368457A1 true US20160368457A1 (en) 2016-12-22
US10017158B2 US10017158B2 (en) 2018-07-10

Family

ID=52346275

Family Applications (1)

Application Number Title Priority Date Filing Date
US14/901,874 Active 2035-02-06 US10017158B2 (en) 2013-07-19 2014-07-17 Data excluding device

Country Status (4)

Country Link
US (1) US10017158B2 (en)
JP (1) JP6099269B2 (en)
DE (1) DE112014003345B4 (en)
WO (1) WO2015008833A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180375881A1 (en) * 2017-06-26 2018-12-27 Panasonic Intellectual Property Management Co., Ltd. Information processing device, information processing method, and non-transitory computer readable recording medium
CN114124533A (en) * 2021-11-24 2022-03-01 山西大鲲智联科技有限公司 Data interception method and device, electronic equipment and computer readable medium

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107531200A (en) * 2015-05-15 2018-01-02 三菱电机株式会社 Attack detecting device
DE102017216808A1 (en) * 2017-09-22 2019-03-28 Volkswagen Aktiengesellschaft Method for monitoring communication on a communication bus and electronic device for connection to a communication bus

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8737426B1 (en) * 2013-03-15 2014-05-27 Concio Holdings LLC High speed embedded protocol for distributed control system
US20140250531A1 (en) * 2006-05-16 2014-09-04 Autonet Mobile, Inc. Method for vehicle intrusion detection with electronic control unit
US20150291128A1 (en) * 2012-10-25 2015-10-15 Yazaki Corporation Electronic key system
US20160259941A1 (en) * 2015-03-06 2016-09-08 Microsoft Technology Licensing, Llc Device Attestation Through Security Hardened Management Agent

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE19958564B4 (en) 1999-12-04 2008-11-13 Adam Opel Ag Device for securing motor vehicles against manipulation
DE10147442A1 (en) 2001-09-26 2003-04-17 Bosch Gmbh Robert Method and device and control unit for monitoring a bus system
DE10147446A1 (en) 2001-09-26 2003-04-17 Bosch Gmbh Robert Method and device for monitoring a bus system and bus system
JP4265151B2 (en) * 2002-05-31 2009-05-20 株式会社デンソー Communication terminal setting method and communication terminal
JP2006021598A (en) 2004-07-07 2006-01-26 Toyota Motor Corp Vehicle anti-theft system
JP2006212093A (en) 2005-02-01 2006-08-17 Sayama Precision Ind Co Ball amount detecting switch
JP5395036B2 (en) * 2010-11-12 2014-01-22 日立オートモティブシステムズ株式会社 In-vehicle network system
US8925083B2 (en) 2011-10-25 2014-12-30 GM Global Technology Operations LLC Cyber security in an automotive network
JP5522160B2 (en) * 2011-12-21 2014-06-18 トヨタ自動車株式会社 Vehicle network monitoring device

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140250531A1 (en) * 2006-05-16 2014-09-04 Autonet Mobile, Inc. Method for vehicle intrusion detection with electronic control unit
US20150291128A1 (en) * 2012-10-25 2015-10-15 Yazaki Corporation Electronic key system
US8737426B1 (en) * 2013-03-15 2014-05-27 Concio Holdings LLC High speed embedded protocol for distributed control system
US20160259941A1 (en) * 2015-03-06 2016-09-08 Microsoft Technology Licensing, Llc Device Attestation Through Security Hardened Management Agent

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Marco Di Natale, "Understanding and using the Controller Area Network", Oct. 30, 2008, *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180375881A1 (en) * 2017-06-26 2018-12-27 Panasonic Intellectual Property Management Co., Ltd. Information processing device, information processing method, and non-transitory computer readable recording medium
CN114124533A (en) * 2021-11-24 2022-03-01 山西大鲲智联科技有限公司 Data interception method and device, electronic equipment and computer readable medium

Also Published As

Publication number Publication date
JP2015020613A (en) 2015-02-02
US10017158B2 (en) 2018-07-10
JP6099269B2 (en) 2017-03-22
DE112014003345B4 (en) 2022-04-28
WO2015008833A1 (en) 2015-01-22
DE112014003345T5 (en) 2016-04-21

Similar Documents

Publication Publication Date Title
KR102030397B1 (en) Network monitoring device
EP3050251B1 (en) Real-time frame authentication using id anonymization in automotive networks
US20180278616A1 (en) In-vehicle communication system, communication management device, and vehicle control device
CN112347023B (en) Security module for CAN nodes
CN108476155B (en) Unauthorized message detection device, method, recording medium, and electronic control device
US20180167216A1 (en) Network message authentication and verification
US20190123908A1 (en) Arithmetic Device, Authentication System, and Authentication Method
US11647045B2 (en) Monitoring a network connection for eavesdropping
US20170134358A1 (en) Communication system, communication control device, and fraudulent information-transmission preventing method
US10462161B2 (en) Vehicle network operating protocol and method
CN109644189B (en) Data bus protection apparatus and method
WO2017127639A1 (en) Exploiting safe mode of in-vehicle networks to make them unsafe
CN112347022B (en) Security module for CAN nodes
US10017158B2 (en) Data excluding device
US11938897B2 (en) On-vehicle device, management method, and management program
CN112347021B (en) Security module for serial communication device
CN107148760B (en) Method for the serial transmission of frames from a transmitter to at least one receiver via a bus system and participant station for a bus system
US12192374B2 (en) Method and system for data exchange on a network to enhance security measures of the network, vehicle comprising such system
CN111066001A (en) Log output method, log output device, and program
EP3895399B1 (en) Method for detecting intrusion in distributed field bus of a network and system thereof
US20190109867A1 (en) Method And Apparatus For Transmitting A Message Sequence Over A Data Bus And Method And Apparatus For Detecting An Attack On A Message Sequence Thus Transmitted
EP3713190B1 (en) Secure bridging of controller area network buses
US10581609B2 (en) Log message authentication with replay protection
US12184446B2 (en) Relay device, communication network system, and communication control method
Talebi A Security Evaluation and Internal Penetration Testing Of the CAN-bus

Legal Events

Date Code Title Description
AS Assignment

Owner name: YAZAKI CORPORATION, JAPAN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:KANAZAWA, AKIYOSHI;REEL/FRAME:037376/0663

Effective date: 20151210

STCF Information on status: patent grant

Free format text: PATENTED CASE

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 4

AS Assignment

Owner name: YAZAKI CORPORATION, JAPAN

Free format text: CHANGE OF ADDRESS;ASSIGNOR:YAZAKI CORPORATION;REEL/FRAME:063845/0802

Effective date: 20230331